On Wed, Sep 23, 2009 at 1:53 PM, szimszon <szims...@gmail.com> wrote:
> > Okay :) > > I'm not particular good in English but in: > > "• next is the URL to redirect to after success. If the URL > contains the > substring "[id]" this will be replaced by the id of the record > currently > created/updated." > > is nowhere that the URL must not contain '/' in the first place. > ... thanks for the correction ... also, must not be absolute path... > > This is from the book 2nd edition page 217... > > On szept. 23, 18:32, Yarko Tymciurak <yark...@gmail.com> wrote: > > and the point here: currently, the way code is written, [id] in a URL > will > > be replaced by the created/modified id or the record EXCEPT if it is > > relative, or absolute (e.g. ONLY '/' leading URL paths will have [id] > set, > > as shown in the manual). > > > > The question of "what is safe; what isn't" isn't the primary issue here > - > > it is the behavior (advertised/expected; actual; what is really > desired) > > for this "[id]" replacement. > > > > Let's get to that first, shall we? > > > > THEN we can discuss the various path contexts.... > > > > On Tue, Sep 22, 2009 at 11:30 AM, Iceberg <iceb...@21cn.com> wrote: > > > > > Sorry, still don't get the point. In my understanding: > > > 1. URLs that starts with http: or ftp: etc are certainly external URL. > > > 2. URLs that starts with / are absolute path of current host > > > 3. URLs other than above are relative path of current host > > > so which one do you consider dangerous and could you please give an > > > example? > > > > > On Sep22, 5:08am, mdipierro <mdipie...@cs.depaul.edu> wrote: > > > > because in web2py request.args are optional I think it is dangerous > to > > > > have relative URLs that do not start with '/'. > > > > web2py assumes that if a url does not start with '/' that is an > > > > extenal URL (starts with http:, ftp: etc.) > > > > > > On Sep 21, 11:20 am, Yarko Tymciurak <yark...@gmail.com> wrote: > > > > > > > sounds like this needs to be straightened out; probably deserves > some > > > > > discussion (as Iceberg suggests)... > > > > > > > Massimo - can you add your thoughts to this? > > > > > > > On Sun, Sep 20, 2009 at 4:09 AM, Iceberg <iceb...@21cn.com> wrote: > > > > > > > > On Sep20, 4:28pm, szimszon <szims...@gmail.com> wrote: > > > > > > > I'm a bit puzzled :( > > > > > > > > > I modified the code: > > > > > > > > > n=str(URL(r=request,f='sablonsor_jog')+'/[id]') > > > > > > > sablon_sor=crud.create(db.oklevel_sablon,next=n) > > > > > > > > > but it's not working. Type of 'n' is 'str'. > > > > > > > > > And the > > > > > > > > > n='/borverseny/adatok/sablonsor_jog'+'/[id]' > > > > > > > > > doesn't work either. > > > > > > > > > But > > > > > > > > > n='borverseny/adatok/sablonsor_jog'+'/[id]' > > > > > > > > > works. So I think the point is that if the url string begins > with > > > the > > > > > > > '/' then the replace doesn't work. If the url begins not with > '/' > > > than > > > > > > > everything is working right. > > > > > > > > Yeah, I met same problem before. It is all because web2py's > gluon/ > > > > > > tools.py does the "[id]" magic ONLY for a url NOT begins with the > > > '/'. > > > > > > The source code has many snippets like this. > > > > > > > > if next and not next[0] == '/' and next[:4] != > 'http': > > > > > > next = self.url(next.replace('[id]', str > > > > > > (form.vars.id))) > > > > > > > > I don't know the reason for requiring a leading '/'. Perhaps > Massimo > > > > > > will tell us more. > > > > > > > > Sincerely, > > > > > > Iceberg > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---